Wednesday, June 29, 2011

The Basics of Local DNS for Small Business Server 2011 Essentials

[Post idea courtesy of Robert Pearman, MVP]

If you’ve used Windows Small Business Server in the past, you’ve probably figured out exactly how DNS works. With the SBS 2008 and SBS 2011 the Connect to the Internet Wizard would analyze your network and determine a static IP address to use, and then ensure you like it before making it the server’s IP address. Then as we all know, the DNS server runs on SBS and resolves local network addresses, like “domain.local” or “server” or the internal fully qualified domain (FQDN) “server.domain.local”

Since SBS 2008 and SBS 2011 are DHCP servers by default, that means they hand out IP addresses, and the server’s IP as the DNS server. DNS works flawlessly in such an environment. Internet based addresses (such as Microsoft.com) are first sent to the SBS box for resolution, and then forwarded on to the ISPs DNS servers for name resolution.

Ultimately SBS is a middle man in the peer to peer DNS infrastructure and gives the full power of DNS to the local network

So how is SBS 2011 Essentials Different?DNS!

SBS 2011 Essentials doesn’t assign itself a static IP address, and it doesn’t have a Connect to the Internet Wizard. Essentials will automatically connect to the Internet just like any client computer, using the DHCP assigned address. It does however use its local DNS server to resolve both local and Internet based names by overriding the DHCP assigned IP address to 127.0.0.1 (localhost). If you dig into the DNS settings, you’ll notice that the DNS Server picks up the routers IP as a forwarder. Routers by default will hand out their own IP as the DNS Server and proxy DNS out to the WAN configured (usually DHCP but sometimes services like OpenDNS) DNS servers. This means that if the server were to ask for an Internet based address, like technet.com, it would forward that request to the router, which would intern forward it to the ISP, which could hopefully resolve it for you.

Clients on the network also still need to use the SBS DNS Server in order for Active Directory to work, or to resolve the server and other services on the network (for example, client backup doesn’t work unless DNS is operating correctly). Clients *also* get their IP and DNS Server from the DHCP server, which in Essentials, by default, is the router. This means that the DNS server is the router, essentially skipping the SBS name resolution step. Once the client goes to http://server/connect, a service is installed called LAN Configuration Service. This service monitors client IP address changes, when the client gets a new IP (ie, it turns on, or it changes locations) it immediately sends out a UPnP query looking for the server (note, this only works on single subnet environments). If a server is found, the DHCP assigned DNS address is overwritten by the server’s IP address (obtained in the return call from UPnP). If no server is found, the DHCP DNS assigned address is kept.

This means that client computers get the SBS DNS address within the SBS network, but the DHCP assigned address at a place like StarBucks. Clients can always resolve the Internet, and inside of the SBS network, they can also resolve the SBS server and Active Directory domain.

Now, for those paying attention, you’ll have recalled that the SBS server’s address is also DHCP assigned, which means it can change if the router deems it necessary. There is a similar service on the SBS server that will broadcast when it’s IP address changes, the clients on the network pick this up and update DNS, the clients off the network will just re-do the process above to get the right IP address.

A side-effect/pro of this design over the SBS 2008 or 2011 Standard design is that if the server is down for patching (we all know how long those reboots take), or another reason, the client will revert back to the DHCP assigned address after a short period of time and can continue to resolve the Internet until the server comes back online.

Can I set things up the old way?

Of course you can. SBS 2011 Essentials is still a full blow copy of server, and all the power that you’re familiar with is there. You can just jump into the NIC settings on the server and give it a static IP address of your choice. No problems there.

Additionally, if you absolutely wanted to run DHCP on the SBS Essentials server, no problems there either, simply open up the Server Manager, install the roll and configure DHCP. Don’t forget to turn off DHCP on your router, and away you go. If you’re not familiar with DHCP settings though, I suggest you leave it the way it was.


80 comments:

Anonymous said...

Sean,

Your DNS article does not discuss how SBSe sets the DNS forwarders entries in the Server's DNS properties. One problem I encountered is that I set up the server on a network where the router was at 192.168.1.1 -- and then transported the server to the intended site where the router was at a different 192.168.x.x address. DNS did not work after the move. The Forwarders entry for the (missing) old router IP address was preventing proper name resolution, and had to be manually deleted to restore that functionality. Some server process had inserted the new router entry after the missing router entry, so I did not need to add it. That process should remove the 'missing' router, if this is to be a truely 'plug and play' solution. People are going to move these things! Thanks for your time and the original post.

Sean Daniel said...

That's a very good point. Yes, that is the case. This is nothing to do with SBS, the standard server DNS server will obtain forwarders on install and not update them in the event that the server is moved to a new subnet.

yeazlin said...

This article does help me to configure my SBSe DNS.

But one thing I noticed is, even my workstation on the same network as SBSe that haven't go through the http://server/connect wizard can still resolve my SBSe using ISP DNS. This puzzled me. I have the default configuration as you described, the only different is the SBSe DNS Server picked up the ISP DNS as forwarder, this is because my router relayed the ISP DNS information to SBSe.

Would you able to explain this?

Franchising business Philippines said...

Great contribution you have there!
This can be of help for people who wants to have a small business.

sugar

Unknown said...

i have read your blog you have potted very good sort of information on your blog i like to visit here thanks for sharing this information with us

sbs 2008

Jim said...

Sean,

I have setup my first SBS Essentials network for one of my clinets a couple of weeks ago. Everything works fine for the majority of users where they get assigned the SBS's IP as a static DNS when they are connected to the office network and the DHCP DNS when they are at home. However, I have one user that always has the SBS IP assigned as the static DNS. I have had to have him manually change it back to "Obtain DNS server address automatically" about 3 times now. That fixes it fine until he comes back to the office and it gets changed back to "Use the following DNS server addresses," assigned to the SBS's IP address, upon returning to the office. What could be causing this and what would you suggest as far as troubleshooting steps?

Sean Daniel said...

As mentioned above, this is how the SBS client code works. We statically set the DNS address to the SBS server with our LAN CONFIG service. if you leave the network, it should get set back to dynamically assigned.

Jim Reid said...

I just reread my original comment and it wasn't very clear. What I'm attempting to say is that one laptop user on our SBS 2011 domain is getting assigned a static DNS by the LAN Config service when he is connected in the office, but the service is failing to revert him back to dynamically assigned DNS when he leaves the office network. He has to manually revert the configuration back to "Obtain DNS server address automatically." Is there anything you've seen that would cause the LAN Config service to set the Static DNS correctly when in the office but fail to revert it to Dynamic DNS when away? Any suggestions on what could be causing the problem and how to fix it are greatly appreciated.

Sean Daniel said...

Hi Jim,

Did you make sure the LAN Configuration service is started? It should be, but I've seen one or two instances where it wasn't started. if you re-kick it (stop/start)... does it fix the issue?

Bryan said...

Thanks for the very informative article. I'm also installing SBS essentials and was having a hard time figuring out exactly what was going on. When I saw that it had not given the server a static IP, I decided that I better go ahead and give it one. Then I thought that they must be up to something, so I put it back to dynamic. With the changes back and forth it seemed to get messed up, because now the client (I've only connected one so far) isn't resolving names on the internet, but the server is. Also, the client is even resolving //Server/connect. Maybe the LAN Configuration service got turned off. I'm not worried about it because I've about decided to just do it "the old way". It seems like Microsoft is assuming that anyone who is installing Essentials isn't going to be paying any attention to the NIC config. settings, so they don't bother telling you. That is a bad assumption. There are other reasons to go with Essentials instead of Standard or 2008 Foundation, other than that you are not aware of TCP/IP. All they had to do was put a screen in the connector program explaining it. It would have saved many people some time, I'm sure. Anyway, that is my anti-Microsoft rant for the day. My only question is, if I set it up to do it the old way, should I turn off the LAN Configuration Service? And what about the similar service that the Server is running? What is it called, and should I turn it off? Thanks.

Bryan said...

Correction to above. I meant to say "the client is NOT even resolving //Server/connect."

Sean Daniel said...

Hi Bryan,

Thanks for your feedback. Typically partners that are out in the community like yourself understand NIC settings and such. Many do not, and SBS essentials was also designed to be installed by people less technical than yourself.

You can absolutely set it up the old way, it's designed to work both ways. You can even disable the LAN CONFIG service no the client if you want, but you don't have to.

I'm actually the person who made the decision to do it this way. The reasoning was that people like yourself will know how to do it properly, and can just set it up that way, while people who don't understand static IP addresses, and probably will never read this post, it just kinda works for them in most cases.

Hope that helps,
Sean

Bryan said...

Thanks for the reply. I joined one client to the network "the old way" this evening and it is working, so that is the way I will go. I also should mention that it did work the first time using the connector program, and my problem was just that I didn't expect it to work that way and figured I needed to change it, then decided to change it back, and that is when something didn't work right. Anyway, I definitely see the value of a server OS that really can configure the IP addresses automatically, and all you have to do is follow on screen directions. I guess my main suggestion is a short, prominent statement somewhere that briefly explains the choice, and then gives a link to your article. But I can also see that they may not want to confuse people who really don't care about it, so it might be a tough balance. Thanks again.

Arthur Hawkins said...

Hey Sean,

Just wondering if you have run into this.. I am trying to use OpenDNS on my network to enable website filtering.. The server is set up with a static IP, I am also running DHCP from the server, and I have the OpenDNS servers set up as forwarders in DNS..

Every time the server restarts for updates or whatever, my router 192.168.0.1 keeps getting put back into the forwarders table - I can't figure out how to disable this feature.. I changed Windows Update to not install automatically so that I can try to monitor this and delete the entry after a reboots..

Do you know of any way to delete or stop this feature?

Sean Daniel said...

DNS will automatically detect forwarders. I'd suggest also adding OpenDNS into your router DNS configuration and then you'll be set regardless of what happens. I believe Windows DNS will use your forwarders first.

Bryan said...

Just a followup and a couple questions. I ended up trying a system restore to get the connector program to work. That took care of it, and I decided to go that way after all. However, Launchpad seems to add significantly to the start up time of the client computers. (We shut down our computers at night.) If I decide to give the server a static IP address, could I uninstall Launchpad from the clients? If I did, could I get access to Backup and Dashboard another way? Thanks.

Sean Daniel said...

The launchpad is the client UX for entry. You can always do the backup from the server. You can also create a RDP link on your desktop to get to the dashboard, it's just a remote application.

Chris Melancon said...

Interesting, but I am not seeing this automatic behavior function properly. Having come from previous SBS environments, I habitually set the DHCP DNS from the router to point to the static IP of the SBS box on site. Every machine works great on site with the SBS. But the first time I took a notebook offsite to test VPN connectivity, I found that the DNS was hardcoded to the SBS address, so internet anywhere else was broken. I set DNS back to DHCP assigned and everything worked as expected. The DNS settings even were broken on Verizon Wireless adapters on some machines with built-in 3G and 4G connections, though fixing DNS once appears to be a permanent solution on those adapters.

I found that the LAN Config service was supposed to be responsible for doing this so disabled it, set the adapter to DHCP again, and thought we were good. But these machines are regularly reset to point to the SBS box every time they come back to the office, which then breaks DNS the next time they leave. The wireless adapter is always hardcoded with the LAN IP of the SBS box. It clearly did not work with the default configuration, and something breaks it with "the old way" (or a reasonable facsimile thereof - since the SBS box is not doing DHCP) by turning off DHCP DNS without regard to whether or not DNS is currently pointing to the SBS. These machines are in and out of the office several times a week or more, attempting to get online on other WLANs and connect to the VPN when they are out of the office, so this issue is troublesome.

Can you tell me what else needs to be disabled to make SBS leave the DNS settings alone? I haven't dug through the group policy yet but I imagine that's a likely place for that setting to be pushed to the client. Or what action forces a reset with LAN Config running? I am not stuck to the "old way" as long as I can configure it in a way that works every time to end user frustration.

Chris Melancon said...

Played with the LAN Configuration service today on my client's machines that were having the DNS issues. The behavior I found is that when the LCS sees the server, it hard codes DNS for every adapter (Wifi, Ethernet, and 3G/4G) until a network connection is made and identified at a time when the server cannot be contacted. Several seconds after that, the DNS settings go back to DHCP assigned servers. This appeared to be mostly reliable although sometimes it seemed the settings took a little while to kick in.

Where this appears problematic is when the client connects to the VPN. All DNS servers are set to the private IP of the SBS, which is fine. But when the VPN is disconnected, the DNS settings do not revert, leaving Internet broken until that network is disconnected and reconnected. This behavior occurs on both Wifi and cellular data, ethernet was not tested. I left this alone because the likely use case is that when the client is done with the VPN he will also be done with his machine, but this may not necessarily always be the case.

Additionally, I attempted to reenable the service via Group Policy so as not to have to touch all the machines this service was disabled on. However, on the server's service list, there is no LAN Configuration service and instead a Network Helper service in its location in the list but not present on client PCs. Creating and enabling a GPO to set this service to Automatic appeared to have no effect on client machines.

Unknown said...

OK -- we should be a little clearer here guys. In the Windows Services console (services.msc), it's referred to as "Windows Server LAN Configuration" -- not "LAN Config" or "LAN Configuration".

I quickly opened services.msc and searched for both of those terms -- couldn't find either. Came across this page (http://blogs.technet.com/b/sbs/archive/2011/09/22/running-dhcp-server-on-sbs-2011-essentials-with-a-static-ip.aspx) which clarified the name for me.

Bryan said...

I have a similar question. In my previous post I said I had decided to use the automatic connect function. I did and it worked well. However, we soon noticed intermittent internet connection problems. To make a long story short, I thought there was reason to suspect that DNS was not working fast enough, and it was timing out. I couldn't find an easy way to increase the time, so I added the router as a secondary DNS pointer on each client's NIC configuration. So I now have it that each client points first to the server and then to the router. This is the way we had them set up before. The only two people who take their computer home apparently have the same address for their router at home so it works. I also made the server static, because I am not letting DHCP give the DNS pointers to the client. Since I am hard coding them in, it had to be static. This worked to fix the intermittant problem. The only thing is that sometimes SBS is taking over and making the server the only DNS pointer. I think it may happen only when a computer is already powered up when the server is started up, but I'm not sure. Anyway, (Like Chris above) I would like to disable this.

I found the "Windows Server LAN Configuration" service on the clients. On the server I found "Windows Server Networking Helper" service and "Windows Server UPnP Device Service". From its description in the services list, and from the original blog, I suspect this may be the one. Which of these services should be turned off to get SBS to leave the NIC settings alone? And will turning it (them?) off cause any problems? Thanks.

Sean Daniel said...

Lots of good discussion here, which I am loving.

The "Windows Server Lan Configuration" service is the one that changes the DNS settings pending discovery of the server, so that's the only one you can choose to disable if you set up DHCP/DNS manually and give the server a static IP address. Do not disable the "Windows Server Networking Helper" service, and the "Windows Server UPnP Device Service" has a totally different cause.

Anonymous said...

Hi Sean and others,

I'd like to report I'm seeing the same behavior as Chris Melancon and others, where a SBS Essentials client keeps having its DNS statically set to the server IP even when it is not connected to the SBS network.

The machine has a wired and wireless connection. Only the wireless connection is used. It runs Windows 7 Home Premium. I have previously configured the "Windows Server LAN Configuration" service to be stopped and set it to disabled.

Yesterday afternoon, the user called from home again to say they could not connect to the internet, and the cause was again that the wireless NIC was manually set to use a single IP, the IP of the SBS Essentials server. The wired NIC was configured to use automatic DNS assignment as I had previously configured it.

So, is there something else in the SBS client software stack, maybe the launchpad app, that has the ability to change client DNS settings?

I just want to turn this behaviour completely off so the client always stays on Automatic settings and functions like any other Windows client OS.

Thanks,
Tim Miller Dyck

Sean Daniel said...

For those of you who are having issues in the comments regarding IP addresses switching back to dynamic, we can't seem to reproduce this in house, and would like you to report the issue with logs attached.

Please report the issue in Microsoft's Connect Website and also ensure you collect the appropriate logs on you client and server using the new log collector.

this will ensure that our support team gets the required information to investigate the root cause and potentially releaese a fix for the issue you're having.

Anonymous said...
This comment has been removed by the author.
Anonymous said...

I am also experiencing the same issue on my laptop. Dell Vostro 1520. I'm wondering if it could be an adapter (hardware) issue.
Sometimes when I leave my house/domain it goes back to automatic DNS config, but other times, it stays on the static IP of my server in the domain and I have to manually change back to dynamic dns acquire to get internet connectivity working again.
I just tried out the step of disabling Windows Server LAN Configuration Service and well report back on how that works.
I don't know how to use the log collector effectively to capture these instances without sending you a bunch of other irrelevant log info.
Cheers,
Ben

Tim Miller Dyck said...

Hi Sean, I have posted server and client log files on the Connector web site. Thanks for asking about it. -Tim Miller Dyck

Phil Hartles said...

Glad to have stumbled across this thread - I have the same issue with DNS not reverting to 'Obtain DNS server address automatically' when not connected to the SBSe network.

I too have posted Server and Client log files to the Connect website.

AxeBro said...

Sean - this is a great write-up. My issue is similar to those above but slightly different. When my laptop is at a client's location, and I connect via SSL VPN (outside of SBS), my DNS servers get changed to the SBS server as expected. However, that means that I can no longer access intranet sites and services at the client's location, since my DNS queries are now running thru the SBS machine.

Perhaps the Lan config client should copy the DHCP server assigned DNS address as the alternate, and make the SBS DNS the primary? this way, the resolution would work on all fronts?

AxeBro said...

Hi Sean,

If/when you see this ... I was able to resolve my issue by disabling the Lan Config Service. I don't see any side effects of doing so. Technet
Post

Anonymous said...

I've got no issue with the way MS does DNS in SBSe IFF it actually worked.

For some reason an entire site went down this morning because after their internet dropped the LANConfig service gave every computer a manual DNS of 169.254.x.x and never bothered to switch it back once the internet was restored.

#nothappy

Anonymous said...

I wanted to post a workaround I have deployed for the user that has this issue. Unfortunately, the user needs to be a local administrator to run this.

Create a shortcut to cmd.exe, setting Shortcut > Advanced… > Run as Administrator to enabled, and setting the command to be:

%windir%\system32\cmd.exe /c netsh interface ip set dns "Wireless Network Connection" dhcp

Where "Wireless Network Connection" is the name of the wireless network connection.

There is still a UAC prompt when the cmd.exe icon is clicked but no right-clicking, Run as Administrator is required.

This just changes the NIC settings back to get DNS through DHCP instead of using specially set DHCP server IPs.

Regards,
Tim Miller Dyck

Anonymous said...

Hi Sean,

Which DNS address should be configured in my SBS Server's NIC? I had to set my router's IP because, if not, client PCs couldn't connect to the Internet.

Thanks!

Emiliano

Sean Daniel said...

The SBS Server's NIC should be 127.0.0.1 (local host), and then inside DNS, the DNS forwarders should either point to your router's IP, or to your ISPs (or even OpenDNS or the like) DNS servers. Your clients DNS server should always be the server in SBS scenarios.

Sam said...

This approach is very unreliable, slowly reacting (if at all), confusing, frustrating... Sorry, but this is our experience.
Why don't you just install DHCP on the SBS and configure it to assign the correct DNS? Maybe automatically assign two DNS: router and server to omit the forwarder?

Sean Daniel said...

Hi Sam,

Thanks for the feedback. I'm sure the readers of this blog are all excluded from this comment, but one of the highest support calls we get in SBS is miss-configured DNS on the local network. This was put in place to address it. if you set up DNS correctly on your network, then this sort of fades away.

Anonymous said...

So to sumarize,
If I want to setup DHCP the old fasion way I should:
1) Set static IP on the server
2) Install & configure DHCP
3) Stop & Disable "Windows Server LAN Configuration" service on the server
4) Stop & Disable "LAN Configuration Service" service on the clients
Is that correct ?
Can the last part be done using GPO at Windows Setting\Security Settings\System Services ?

Sean Daniel said...

I would leave the server one running (ie, don't do step 3), and yes you can use GPO for the later. I don't have steps for that.

Anonymous said...

Sean, I'm also seeing the same behavior with my laptops connected to SBSe. All of these laptops use the wired LAN connection, but when they go home, they use their home wireless connection. And with the Windows Server LAN Configuration service automatically assigning the DNS on all NICs including the wireless cards, they cannot surf. My thought was to simply add 8.8.8.8 to the secondary DNS entry for the wireless cards, which would allow for surfing while away. I just don't know if the service will remove this other static DNS entry upon reboot.

Thanks for your suggestions.

Ken

Sean Daniel said...

it's typically poor practice to use DNS servers in the primary and secondary DNS entries that have different scope. This is because Windows doesn't always try the primary first, and then the secondary. if one fails, it moves to the secondary and only moves back when that one fails.

I suggest manually configuring your DNS correctly within DHCP on your server and disabling the LAN service as mentioned in above comments.

Anonymous said...

Thanks.

I have configured my SBSe server to use a static of 192.168.1.2 and my router uses 192.168.1.1. The router is also hosting DHCP, but I have set it to issue 192.168.1.2 for DNS back to the internal clients. I cannot move DHCP to the SBSe box as my Netgear router is a dual WAN device that has an auto-fallover setup for multiple ISPs. RWW doesn't work during fallover mode, but it's more critical for the internal clients to maintain Internet.

Can I disable the LAN service on my clients PCs in this setup so that the wifi card will not revert to the 192.168.1.2 DNS? All of the laptops are using the wired connection for better performance.

Ken

Anonymous said...

I'm experiencing this same issue. I have setup to small businesses recently, the first on an HP Microserver prior to them preinstalling the OS and then the second one where I got a HP microserver with SBSe 2011 preloaded. I have the same Samsung Series 9 laptops on both networks for mobile users, but the one network with the preinstalled OS from HP is experiencing the static DNS "sticky" situation where it won't revert back to automatic DHCP when off the SBSe LAN. I'm still wondering if there is a better way to troubleshoot this issue as my client is not all too happy about this....ah slight "inconvenience" based on this "upgrade" from SBS 2003 to SBSe. You would think the network part would work right on an 8 year difference in the version!

-Stonemeel

psilberman said...

In an early response, you said: "This is nothing to do with SBS, the standard server DNS server will obtain forwarders on install and not update them in the event that the server is moved to a new subnet.

I set up the server on one subnet but had to move it to another.

How do I update the forwarders on SBS 2011 Essentials so that server DNS will work after that move?

Thanks.

Sean Daniel said...

If you go to administration tools, and DNS, you can right click on the DNS server, go to properties, and there is a "forwarders" tab you can add/remove forwarders in here. Please do not confuse this with root hints, do not remove or touch the root hints tab.

SteveG said...

Sean

Apologies for going slightly off the thread on this.

I'm a long-term installer of SBS200x, and have just deployed my first 2011 Essentials server. I'm a big believer of having the DNS and DHCP servers hosted by SBS for a number of reasons. So, in order to avoid the types of issue that the particpants in this thread have been describing, I quickly decided to install DHCP and disable the LAN Config service.

Installation of the DHCP role is straightforward enough until the question of IPv6 is raised.

I'd assigned a static IPv4 address to the single NIC on the SBS2011 server prior to installing the DHCP role, but I have to admit that I skipped making any changes to the IPv6 config and therefore it was still set to dynamic when the role was installed.

After the install, the server keeps warnin me to set a static IPv6 address on the server in order to be able to manage an IPv6 scope in DHCP.

My question is, since 2011 Essentials doesn't include Exchange (moved these clients to Office365), will SBS2011 Ess break if I disable IPv6 on the server like it use to on the older versions? If the recommendation is to retain IPv6 on the server to prevent issues with the clients, where can I find info in the structure of the IPv6 addressing components to fill the fields in the IPv6 static address setup?

All clients in the network concerned are running Win7 Pro.

Sean Daniel said...

I believe you can have both IPv4 and IPv6 as dynamic and things will "warn" you but not break.

dave L said...

Hi,

In my console on SBS2011 I see my web server certificate and when I right click it and view properties I see
issued to: remote.name.com and issued by name-server-ca.

yet when I open the certificate distribution package and double click the sbscertificate in their I see:
issued to : name-server-ca
issued by : name-server-ca

should the installtin certificate be the same as the first one I viewed.
If so how any idea how I can fit it please as outlook anywhere wont work for me.
thanks

James said...

Hi Sean...

I just wanted to report that I have a client laptop which has now developed the same issues as described above; sometimes when they connect to another network (e.g. at home) the DNS settings do not revert and server IP address remains as primary DNS, resulting in no connectivity.

Is there a fix for this issue yet, or what is the best workaround now to mitigate this?

Thanks!

Unknown said...

Same problem with an install I just did - frustrating for client (and embarassing for me). I too am going back to traditional configuration and turning off Windows Server LAN configuration on all of the cliet PCS, enabling DHCP on server, etc

This means though that if the server is down, DNS is down.

Is there a long-term fix for this?

Sean Daniel said...

see my comment above about reporting hte issue:

For those of you who are having issues in the comments regarding IP addresses switching back to dynamic, we can't seem to reproduce this in house, and would like you to report the issue with logs attached.

Please report the issue in Microsoft's Connect Website and also ensure you collect the appropriate logs on you client and server using the new log collector.

this will ensure that our support team gets the required information to investigate the root cause and potentially releaese a fix for the issue you're having.

olivier said...

I have the same problem than Jim. When the server is not available (ie at home), the settings for the DNS are not udpdated from the DHCP server (the router), therefore I can't connect to internet. I have to go in the adapter setting and tick the "obtain DNS server address ..." to make internet connection working. Not very practical. Perhaps there is something wrong in my configuration (seven), but I don't know what.

Cory said...

Very informative, thank you. However, the 3rd comment to this blog post from yeazlin on 7/22/2011 asks the following and does not appear to have ever been answered. I have the same question.

"But one thing I noticed is, even my workstation on the same network as SBSe that haven't go through the http://server/connect wizard can still resolve my SBSe using ISP DNS. This puzzled me."

The LAN Config service only takes effect AFTER running the Connect wizard on a client PC, right? So BEFORE I run the connect wizard, with a PC's DNS pointing to the router or ISP, how is the PC able to resolve the server name in the http://server/connect url to get to the connect wizard in the first place? Thank you.

Anonymous said...

First, awesome explanation by the OP. Ty.

Its possible i missed it in here but at least one other person had mentioned my issue but doesn't seem like they were looking for the same answer as myself. Maybe there isn't a way to do what i would like to do, so i pose the question here.

A. I have the SBS 2011 Essentials setup the old way. Static IP. DHCP Enabled (DHCP Disabled at the Router), DNS Enabled, added ISPs DNSs to the forwarders list. Clients DNS Set to SBS2011 Server IP via DHCP. Good to go.

B. The SBS 2011 Essentials is adding the local default gateway (192.168.1.1) to the top of the DNS Forwarders List in the DNS Server configuration. Problem is that whenever the router is at the top of the DNS Forwarders list, clients and the server are not able to browse to most if not all websites by FQDN. If i delete the 192.168.1.1 from the list or move it to the bottom Clients and the Server are able to browse to websites using FQDN again. Problem is that the server keeps putting the 192.168.1.1 to the top of the list at some point, timed interval via a scheduled task or server reboot, or both, or by some other means? Not sure.

C. Maybe the fact that the Router isn't properly resolving DNS Queries when forwarded from the Server indicates a problem with the Router? Either way I'd rather just use the ISPs DNSs like all the other setups we have. Besides i know when the DNS Server is only using ISPs DNSs as Forwarders, everything works.

D. I found an article that talks about doing what i want, but requires running a Powershell script at logon with task scheduler. I'd rather just prevent the behavior instead of relying on a task to change the settings. See (http://titlerequired.com/2012/05/04/quick-fix-dns-forwarders-sbs-2011-essentials)

E. I would like to know how to prevent/disable the behavior discussed @ B. . Registry Key, disabling a service on the Server, disabling a scheduled task? If so which ones?

Thanks for any help or direction anyone can provide.

jwthrman said...

Sean, can you answer "anonymous" from 5/22/2012 11:41 AM please.
I have been "fighting" with a client's SBS2011 Essentials since day one and I am seriously considering blowing it away and starting over with SBS2011 Standard due to all the issues with DNS and browsing. Thanks. (I've been working with SBS since 2003)

Sean Daniel said...

Sorry for the delays here, been absolutely swamped...

@Olivier
Ensure you have the latest updates from Microsoft Update. Then if you still are stuck, then ensure you are set up from a DHCP perspective correctly, meaning that your DHCP Server (router) is handing out your SBS server's IP address as the primary DNS server. Additionally, ensure that the SBS server either has a statically defined IP address in the router, or it's set up as static on the server, outside of the DHCP range. Then disable the Windows Server Lan Configuration service on the client computers.

@Cory
Windows uses NetBIOS and WINS to resolve as well as DNS, so when DNS fails to resolve "HOSTNAME", it turns to NetBIOS and WINS to resolve. This works fine on networks that don't use a DNS Proxy type of solution like OpenDNS. If OpenDNS is in use, you'll find that we actually prompt you for the IP address of your server. Sorry this went unanswered for so long, I must have missed it.

Anonymous and jwthrman
Windows DNS will automatically add forwarders to it's DNS entry. I agree, very irritating, it's not something the SBS team can control. In this case, I would simply ensure that your router is configured with correct internet DNS entries. I'd also put the router into the DNS Forwarders list, and put it at the bottom, so Windows see's it in the list and doesn't add it. Unfortunately I haven't had this problem, so I'm not entirely sure the best way to resolve it, but that's where I would start. jwthrman, since Windows does this by default, I'm not sure a re-install would fix your issue. Sorry.

Anonymous said...

Hi,

Everyone is talking aboutusing a static IP on the server, when would you not use a static IP on a server? I've just done my first two SBSe installations and also have been doing SBS since 1997, also not happy with all this new stuff. I vaguely understand some reasoning here when things have to do with portable machines coming and going but I'd like to ask. Is there anything wrong with giving the server a static IP but the ISP's DNS servers, as has the router and all clients. None of them leave the office.

Thanks, Mark

Sean Daniel said...

Hi Anonymous,

What's buried in the comments is that anyone who can find this blog, probably *would* want a static IP on a server, but we had goals to support people who only use clients, and wouldn't think about it, so we needed to make sure it worked on a static IP as well. This was the solution for those people. There are roughly 20% of SBS users that actively read blogs and support it, like 80% or so, just install it and don't know anything about it. So we need to make a solution that would solve this.

From reading these comments, we didn't solve it. (D'oh!), I have alerted the SE team on this thread on multiple occations

Anonymous said...

It would be a huge help if you can explain this to me. It's become an embarassment and one of my clients is asking if we got the right OS for the job. In Launchpad you get a link to "Shared Folders", that's handy, but it shows all shares on the server, including onew I may create for admin purposes. I know I can probably use the $, but why are we presenting users with all shares on the server, including the netlogon and sysvol shares? Users have no business going there? Is it because I've made everyone an administrator? That link would be better pointing the the "Company" folder. Thanks, Mark

Anonymous said...

Could it be related to the odd implimentation of auto DNS configurations? I've Recently built two SBSe machines, both with the Intel S1200BTL MB. They both exibit the same behavoir in that if powered down, upon restart the NIC has no connection. this is configured with a static IP. Only after going into NIC properties and setting speed to 10 Mb, then back to Auto does it work. Intel says they have not seen this with SBS but has not tried the board with SBSe. They say they are trying now, just for me!

Anonymous said...

Hi Sean,
Been reading your articles for years, thanks for a lot of help over that time!

Like Brian, having deployed many SBS boxes over the years was also surprised to not have to choose a static IP, and so went static during the setup (I agree a small explanation in the setup wizard would have been nice). I also as a habit usually configure the SBS NIC with the loopback address as a secondary DNS server.
Will that now effect anything here, or make no difference? (I can't think of any reason why).

As a side note, my UPnP enabled router also wouldn't play with the Remotte Setup Wizards, and still doesn't appear in the DNS forwarders (both SBS DNS and Router DNS are using Open DNS).

Router is a SmartRG ClearAccess SR100G

Thanks,
Dom

Anonymous said...

Hi Sean

I am also experiencing an issue with the DNS not updating when a user takes their laptop out of the office and connects to a different network. I have been adding a secondary DNS entry as a workaround to allow them to use the internet but when the user returns to the office the LAN configuration service updates the DNS which removes the second entry. When they next leave the office and connect to a different network the DNS is not reverted.

It seems to only affect the Wireless connection.

I have noticed a lot of people are also experiencing this problem. Is there a solution to this?

Thanks

Dan

Anonymous said...

I think I might be missing something obvious but how are you supposed to setup port forwarding from the modem/router to the SBS server for RWW & OWA if it's on a dynamic LAN IP? The uPNP broadcast is likely to tell the PCs where the server is but it's unlikely all routers will reconfigure port forwarding based on the uPNP broadcast.

Sean Daniel said...

@Boma23:
Yes, we wanted to make SBS set up out of the box super simple. there was less networking requirements without Exchange in the box. the DNS address in the NIC on SBS should be 127.0.0.1 (local host).

@Anonymous:
Above in the comments is how you can override this.
(a) give your server a static IP address outside of the scope of your DHCP server
(b) set up your DHCP server (your router) to hand out the static IP you set in (a) as the primary DNS server
(c) disable the Windows server LAN configuration service on all client computers.

That's all there is to it.

@Mr. Fett
If you're going to manually set up port forwarding, please set your server to have a static IP address, if it's UPnP, the server will keep the port mapping updated for you.

Henri Fournier said...

I have the same problem at a client site with SBS2011E. When notebooks are taken offsite, the DNS does not always revert back to auto. They do use VPN, so I suspect as others have noted that losing the VPN connection may be causing the problem. In fact, DNS on the client is set to the VPN IP address on the server, so VPN is definitely involved.

I found that running:
IPCONFIG /RELEASE
IPCONFIG /RENEW
seems to fix it. You can include those in a batch file on the Desktop, but you have to be an admin to run those.

This thread has been quiet for a long time. I would expect that a fix would have been made available by now.

Henri

Mark Berry said...

Sean,

I'm assuming this info applies to 2012 Essentials as well? I have set that up as described in your 8/3/12 post:

(a) give your server a static IP address outside of the scope of your DHCP server
(b) set up your DHCP server (your router) to hand out the static IP you set in (a) as the primary DNS server

However 2012e is complaining about losing Internet connectivity several times a day. Now that I think about it, no wonder it's causing problems, because the first entry in my router's DNS points to the 2012E server, and the server's DNS points to the router as the first forwarder, so it becomes an infinite loop.

I tried removing all DNS forwarders, but the router keeps magically reappearing. I tried putting the ISP's DNS servers ahead of the router, but the router goes back to #1 on reboot. I'm pretty sure I could control the forwarders in SBS 2008, and I can't find any references on this auto-population as a standard DNS "feature." Is the only solution to use a scheduled task to keep clobbering the forwarding list?

Blogging this here:

http://www.mcbsys.com/techblog/2013/02/2012-essentials-internet-connection-errors/

Sean Daniel said...

Hi Mark, uncertain if this applies to 2012, but I guess it's a good start. Try adding your ISP's IP addresses or OpenDNS IP addresses or the like to the DNS Forwarders.

Jereme Thomas said...

I'm experiencing the same issue with client computers not reverting back to "Obtain DNS Server Automatically" when not connected to the SBS 2011 Essentials network. I have been fighting this issue for months. It is very frustrating.

Has this issue been fixed in Windows Server 2012 Essentials?

DubOnline said...

Hi Guys,
This is the most strange problem that I have never come across before. I have recently installed a new SBS 2011 standard(not essentials) server in a small company of 4 employees. Everything is working fine including emails, owa, file access except that on all of the computers, certain sites are not opening up like www.xe.com. Other sites like gmail, google, msn open up in a flash. When you type www.xe.com in the address bar, the title instantly changes to the xe.com webpage title indicating that the site has been located but takes forever to load it, and when it does load it's incomplete and the formatting is all over the place. The server and all the clients are fully uptodate. To eliminate firewall or antivirus issues I have even uninstalled Norton and avg incase they were causing the problem but no joy.

This is happening to other sites as well and there are several of them and yes I have rebooted the server several times and the clients as well. This happens in IE and Chrome both.

I have tried to google it a lot and tried the following links a well

http://titlerequired.com/2012/05/04/quick-fix-dns-forwarders-sbs-2011-essentials/

http://community.spiceworks.com/topic/248431-sbs-2011-dns-problem

What's going on here. Please help

Adso said...

A customer at which I installed SBS 2011 Essentials on an HP Microserver, asked me to add a standalone XP box to the domain so that it could benefit from client computer backups. This PC's only function was as a RealVNC Server to allow a remote worker to update files just on that PC. The remote tool used is VNC viewer. Since joining the domain VNC Viewer times out on connection. Googling the issue comes up with a solution for SBS 2011 involving changing group policy to turn off "Protect All Network Connections" for XP clients, but I can't find this option within SBS 2011 Essentials. What am I doing wrong?

Omar Butt said...

Hi All, After banging my head against a brick wall I found the solution myself. Seems like the problem is with the service provider. The way I tested it was by using a free proxy server on the internet and all the websites worked within the computers on the network. It's either a matter of replacing the modem or changing the service provider to a different one. I will keep you all posted in the next few days.

Omar Butt said...

Sorry guys. Just to clarify I was posting for the comment on 4/08/2013 1:18 PM with username DubOnline which is myself as well.

raisinron said...

My question/comment applies to a Server 2012 Essentials box I just installed for a client: About two days after install, I got a call from the ISP's security office (Cablevision/Optimum Online) indicating this brand new server was an intermediate participant in the Spamhaus DDOS attack, and insisting that we modify the server's DNS to disable recursion, which also turns off any use of forwarders [including the router!]. Can someone (Sean?) suggest how to reconfigure so that users successfully and reliably resolve both local and external addresses?

Unknown said...

Hi all,

Been using SBS 2011E for 6 months,

Since last month, I also get the same problems as well. My internet is losing everyday and first thing I have to do everytime is changing the DNS of the clients to obtain DNS automatically. But, this is just temporary solution I think, because I have to do it everyday. Anyone can suggest?

Sean Daniel said...

raisinron & Kitti,

Out of the BOX DNS is set up correctly, the DNS server on SBS is installed and operational.

Client Computers are handed out the local IP address of the server to resolve DNS addresses

The SBS Server Network adapter settings are pointing to 127.0.0.1, local host, DNS will then work on the local network correctly.

The DNS Server on the server is configured to query "root" DNS servers, although in some installation environments, DNS detects more appropriate forwarders. This is often the IP address of your router, or in some cases, the IP address of your ISP. You can change the forwarders to whatever you want, like Google DNS or OpenDNS or your ISPs DNS, which will facilitate Internet name resolution.

Hope that helps

rgeunes said...

Thanks Sean!

Anonymous said...

We've got the issue with Windows 8 laptops on an Essentials 2012 domain. The Windows Server LAN Configuration service is disabled on laptops but some of them still have static DNS server settings that appear when out of the office. These are repeatedly changed back to use DHCP server, but it makes no difference the next time the laptop is out of the office.

Matt Davidson said...

Hello! I realize that this forum is way past ancient, but I've all but run out of places to look. We are having the same issue where the computers do not revert back to automatic when they leave the office. If this issue has been resolved I would love to know how.

Thanks

Sean Daniel said...

Sorry Matt, I can't recall the details on how this works anymore.

AnnoyedTech said...

How exactly did you think hijacking DNS was a good idea? Next time you want to *help*, maybe just setup DHCP correctly instead. At least that solution would fail gracefully as opposed to this.

Its 2016 now, Windows 2016 Standard server with the essentials role installed as a MEMBER server on a larger domain, is still HIJACKING DNS entries on client machines like MALWARE. (worse, malware can be removed)

Great news ! The 'Windows lan config' services is gone, the SkipAutoDnsConfig registry entries that worked in 2012 seem to be ignored now. So can someone tell me how to turn off this stupid behavior so my clients can go back to using the DOMAIN CONTROLLER FOR DNS LIKE DHCP IS SET TO CONFIGURE THEM !

Undocumented, Non-standard, non-compliant, uncontrollable behavior like this isn't even remotely helpful to novices. It is even worse for them cause even experienced admins have no idea how to disable this crap, really wtf were you thinking?

Literally no one knows how to turn this network breaking *feature* off ?

calvinewers said...

The default local address for the network router is 10.0.0.1 and this is also a “class A” internet protocol address private IP address